OpenID Connect & OAuth 2.0 - Security Best Practices
Offered By: NDC Conferences via YouTube
Syllabus
Intro
Some Context...
Simplified
Attack Model (1)
Implicit Flow Request
Implicit Flow Response
No more Password Grant
Grand Unification
Machine to Machine
Client Authentication
Sender Constrained Access Tokens w/ MTLS
Interactive Applications
Redirect URI Validation Attacks
Credential Leakage via Referrer Headers
Authorization Code Injection
Mitigation: Proof Key for Code Exchange (PKCE)
Countermeasures Summary
Mix Up Attack (Variant 1)
How does ASP.NET Core prevent Mix Up Attacks?
Public Clients
Anti Pattern: Native Login Dialogs
Using a browser with Code Flow + PKCE
Different Approaches
Anti-Forgery Protection
Refresh Token Storage in Browsers
What's next?
JWT Secured Authorization Requests (JAR)
Pushed Authorization Requests (1)
Taught by
NDC Conferences